com.amazonaws.services.kms.model

Class EncryptRequest

java.lang.Object

com.amazonaws.AmazonWebServiceRequest

com.amazonaws.services.kms.model.EncryptRequest

All Implemented Interfaces:

ReadLimitInfo, Serializable, Cloneable

public class EncryptRequest
extends AmazonWebServiceRequest
implements Serializable, Cloneable

Container for the parameters to the Encrypt operation.

Encrypts plaintext into ciphertext by using a customer master key. The Encrypt function has two primary use cases:

• You can encrypt up to 4 KB of arbitrary data such as an RSA key, a database password, or other sensitive customer information.
• If you are moving encrypted data from one region to another, you can use this API to encrypt in the new region the plaintext data key that was used to encrypt the data in the original region. This provides you with an encrypted copy of the data key that can be decrypted in the new region and used there to decrypt the encrypted data.

Unless you are moving encrypted data from one region to another, you don't use this function to encrypt a generated data key within a region. You retrieve data keys already encrypted by calling the GenerateDataKey or GenerateDataKeyWithoutPlaintext function. Data keys don't need to be encrypted again by calling Encrypt .

If you want to encrypt data locally in your application, you can use the GenerateDataKey function to return a plaintext data encryption key and a copy of the key encrypted under the customer master key (CMK) of your choosing.

See Also:

AWSKMS.encrypt(EncryptRequest), Serialized Form

Field Summary

Fields inherited from class com.amazonaws.AmazonWebServiceRequest

NOOP

Constructor Summary

Constructors

Constructor and Description
EncryptRequest()

Method Summary

Methods

Modifier and Type	Method and Description
EncryptRequest	addEncryptionContextEntry(String key, String value) Name/value pair that specifies the encryption context to be used for authenticated encryption.
EncryptRequest	clearEncryptionContextEntries() Removes all the entries added into EncryptionContext.
EncryptRequest	clone()
boolean	equals(Object obj)
Map<String,String>	getEncryptionContext() Name/value pair that specifies the encryption context to be used for authenticated encryption.
List<String>	getGrantTokens() A list of grant tokens.
String	getKeyId() A unique identifier for the customer master key.
ByteBuffer	getPlaintext() Data to be encrypted.
int	hashCode()
void	setEncryptionContext(Map<String,String> encryptionContext) Name/value pair that specifies the encryption context to be used for authenticated encryption.
void	setGrantTokens(Collection<String> grantTokens) A list of grant tokens.
void	setKeyId(String keyId) A unique identifier for the customer master key.
void	setPlaintext(ByteBuffer plaintext) Data to be encrypted.
String	toString() Returns a string representation of this object; useful for testing and debugging.
EncryptRequest	withEncryptionContext(Map<String,String> encryptionContext) Name/value pair that specifies the encryption context to be used for authenticated encryption.
EncryptRequest	withGrantTokens(Collection<String> grantTokens) A list of grant tokens.
EncryptRequest	withGrantTokens(String... grantTokens) A list of grant tokens.
EncryptRequest	withKeyId(String keyId) A unique identifier for the customer master key.
EncryptRequest	withPlaintext(ByteBuffer plaintext) Data to be encrypted.

Methods inherited from class com.amazonaws.AmazonWebServiceRequest

copyBaseTo, getCloneRoot, getCloneSource, getCustomQueryParameters, getCustomRequestHeaders, getGeneralProgressListener, getReadLimit, getRequestClientOptions, getRequestCredentials, getRequestMetricCollector, putCustomQueryParameter, putCustomRequestHeader, setGeneralProgressListener, setRequestCredentials, setRequestMetricCollector, withGeneralProgressListener, withRequestMetricCollector

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

EncryptRequest

public EncryptRequest()

Method Detail

getKeyId

public String getKeyId()

A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

Constraints:
Length: 1 - 256

Returns:

A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

setKeyId

public void setKeyId(String keyId)

A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

Constraints:
Length: 1 - 256

Parameters:

keyId - A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

withKeyId

public EncryptRequest withKeyId(String keyId)

A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 1 - 256

Parameters:

keyId - A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".

• Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
• Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
• Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
• Alias Name Example - alias/MyAliasName

Returns:

A reference to this updated object so that method calls can be chained together.

getPlaintext

public ByteBuffer getPlaintext()

Data to be encrypted.

Constraints:
Length: 1 - 4096

Returns:

Data to be encrypted.

setPlaintext

public void setPlaintext(ByteBuffer plaintext)

Data to be encrypted.

Constraints:
Length: 1 - 4096

Parameters:

plaintext - Data to be encrypted.

withPlaintext

public EncryptRequest withPlaintext(ByteBuffer plaintext)

Data to be encrypted.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 1 - 4096

Parameters:

plaintext - Data to be encrypted.

Returns:

A reference to this updated object so that method calls can be chained together.

getEncryptionContext

public Map<String,String> getEncryptionContext()

Name/value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.

Returns:

Name/value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.

setEncryptionContext

public void setEncryptionContext(Map<String,String> encryptionContext)

Name/value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.

Parameters:

encryptionContext - Name/value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.

withEncryptionContext

public EncryptRequest withEncryptionContext(Map<String,String> encryptionContext)

Name/value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.

Returns a reference to this object so that method calls can be chained together.

Parameters:

encryptionContext - Name/value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.

Returns:

A reference to this updated object so that method calls can be chained together.

addEncryptionContextEntry

public EncryptRequest addEncryptionContextEntry(String key,
                                       String value)

Name/value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the Decrypt API or decryption will fail. For more information, see Encryption Context.

The method adds a new key-value pair into EncryptionContext parameter, and returns a reference to this object so that method calls can be chained together.

Parameters:

key - The key of the entry to be added into EncryptionContext.

value - The corresponding value of the entry to be added into EncryptionContext.

clearEncryptionContextEntries

public EncryptRequest clearEncryptionContextEntries()

Removes all the entries added into EncryptionContext.

Returns a reference to this object so that method calls can be chained together.

getGrantTokens

public List<String> getGrantTokens()

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

Constraints:
Length: 0 - 10

Returns:

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

setGrantTokens

public void setGrantTokens(Collection<String> grantTokens)

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

Constraints:
Length: 0 - 10

Parameters:

grantTokens - A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

withGrantTokens

public EncryptRequest withGrantTokens(String... grantTokens)

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

NOTE: This method appends the values to the existing list (if any). Use setGrantTokens(java.util.Collection) or withGrantTokens(java.util.Collection) if you want to override the existing values.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 0 - 10

Parameters:

grantTokens - A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

Returns:

A reference to this updated object so that method calls can be chained together.

withGrantTokens

public EncryptRequest withGrantTokens(Collection<String> grantTokens)

A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 0 - 10

Parameters:

grantTokens - A list of grant tokens.

For more information, go to Grant Tokens in the AWS Key Management Service Developer Guide.

Returns:

A reference to this updated object so that method calls can be chained together.

toString

public String toString()

Returns a string representation of this object; useful for testing and debugging.

Overrides:

toString in class Object

Returns:

A string representation of this object.

See Also:

Object.toString()

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

clone

public EncryptRequest clone()

Overrides:

clone in class AmazonWebServiceRequest